Le 22 déc. 2013 22:00, "Ben Hutchings" <b...@decadent.org.uk> a écrit : > > On Sun, 2013-12-22 at 19:52 +0000, brian m. carlson wrote: > > On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: > > > How to continue from here/solve this: > > > --------- > > > #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. > > > > This seems like the best idea, as it lets us use newer versions of > > GnuTLS that support elliptic curves with the minimum amount of pain. > > I think this would be a good idea if GnuTLS doesn't depend on too many > features of newer GMP. > > [...] > > > #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3 > > > for license reasons will need to drop TLS support or be relicensed or > > > be ported to a different TLS library. > > > > I don't think this option is a good idea. It will leave git without > > HTTPS support, since libcurl3-nss doesn't actually work for HTTPS. > > libcurl3-nss requires an additional library not in Debian for the crypto > > support to work at all, and despite me filing bugs, neither the NSS nor > > the curl maintainers have stepped up to fix this. > > > > This also doesn't consider the fact that NSS provides poorer crypto > > support than either OpenSSL or GnuTLS, although it's getting better. > > The free software world desparately needs a permissively licenced TLS > library with sane default behaviour. OpenSSL or GnuTLS seem to have > failed us on both grounds, and I hope interested developers will > cooperate with the Fedora developers in making NSS usable by more > applications.
Fedora created a open SSL compat library based on libnss. I can package it if i get a sponsor > Ben. > > -- > Ben Hutchings > If at first you don't succeed, you're doing about average.
